Microsoft’s product and infrastructure surface faces four distinct threat items this week: DragonForce ransomware abusing Microsoft Teams TURN relay infrastructure for C2 concealment (CVE-2023-52271, CVE-2025-61155, CVE-2025-1055); a USB-borne clipboard hijacker targeting Windows endpoints with Tor-based C2; a USB worm combining LNK abuse and clipboard hijacking to steal cryptocurrency; and a Microsoft Entra ID misconfiguration that nearly enabled unauthorized access to World Cup broadcast infrastructure. The breadth of this week’s Microsoft-surface exposure spans cloud identity, endpoint scripting environments, and collaboration infrastructure.